Revision as of 16:33, 2 December 2021 by Demo writer (talk | contribs) (Created page with "{{Risk infobox |riskID=AS1 |riskDate=2021-11-26 |riskDomain=External |riskAffects=Asset, Data protection |riskOwner=User:Parnoux |riskFactor=C3 |riskMeasuresExist=Yes |riskFac...")
| Impact → |
Negligible
(A) |
Marginal
(B) |
Considerable
(C) |
Critical
(D) |
Catastrophic
(E) | |
|---|---|---|---|---|---|---|
| Consequence | Environment (IE) | Slight effect | Minor effect | Localized effect | Major effect | Massive effect |
| Asset (IA) | Slight damage | Minor damage | Medium damage | Major damage | Extensive damage | |
| Health (IH) | Slight physical or mental harm | Minor physical or mental harm | Major physical or mental harm | Single fatality | Multiple fatalities | |
| Business continuity (IB) | Minor visible or barely recognizable disruption of service | Recognizable temporary disruption of service | Minor functional (permanent) disruption of service | Major functional (permanent) disruption of service | Complete outage of service | |
| Data protection (ID) | No data loss / no data disclosure | Loss of rebuildable secondary data, disclosure of public data | Loss of easily recoverable data, disclosure of internal data | Loss of recoverable data, disclosure of some protected data | Irrecoverable data loss, full disclosure of protected data | |
| ↓ Probability (within 5yrs) |
Certain (5) 81-100% |
A5 | B5 | C5 | D5 | E5 |
| Likely (4) 61-80% |
A4 | B4 | C4 | D4 | E4 | |
| Possible (3) 41-60% |
A3 | B3 | C3 | D3 | E3 | |
| Unlikely (2) 21-40% |
A2 | B2 | C2 | D2 | E2 | |
| Improbable (1) 0-20% |
A1 | B1 | C1 | D1 | E1 |
| Mitigated risk | Original risk | ||||||
|---|---|---|---|---|---|---|---|
| Factor | B3 | ID | AS1 | Affects | Asset
Data protection |
Factor | C3 |
| Level | Low | Discovered on | 2021-11-26 | Owner | User:Parnoux | Level | Medium |
| Probability | Possible | Domain | External | Measures exist? | no | Probability | Possible |
| Impact | Marginal | Incidents | 1 | Last audit | Impact | Considerable | |
Reported incidents
| Incident page | Date | Incident Name | Incident Type | Closed? |
|---|---|---|---|---|
| Lost laptop | 2021-12-02 | Lost laptop | Asset Data protection | No |
Risk description
Risk treatment considerations
Replace the information below with your own considerations. During risk mitigation planning, the following information should be considered:
- possible vulnerabilities (people, systems)
- legal requirements
- industry best practices
- cost and resources
- data classification: public, private, restricted, confidential (for data protection risks only)
Risk treatment plan
Replace the information below with the actual risk treatment plan that you want to implement.
The purpose of the risk treatment plan is to specify: (1) which measures are planned, (2) how they will be implemented, and (3) if they are already implemented. It is important that all affected parties understand the plan and its implementation. Progress against the plan needs to be monitored consistently.
